
Mailing List Archive: Wikipedia: Mediawiki

sanitizing tag extension parameters for js output

 

 



jimhu at tamu

May 9, 2012, 8:27 AM


I just threw together a simple tag extension to embed a Twitter live stream search widget from

http://twitter.com/about/resources/widgets/widget_search

in a wiki page. It just takes the following parameters from $input:

title=<title>
subject=<subject>
query=<query>

These get dropped into a <script> that is returned. It works, but now I'm wondering what I should do to sanitize the values of title, subject, and query. I don't want to just use In the js, the values are all inside single quotes. I was thinking that I would use strip_tags combined with substituting single quotes with &#39;

preg_replace('/\W/', '', $t)

would disallow hashtags and @'s, right?

Jim

=====================================
Jim Hu
Professor
Dept. of Biochemistry and Biophysics
2128 TAMU
Texas A&M Univ.
College Station, TX 77843-2128
979-862-4054



_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
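
Added example, not part of the original post or of MediaWiki: a PHP comparison of the strip_tags plus `&#39;` approach described above with encoding each value as a complete JavaScript string literal via `json_encode`. HTML entities are not decoded inside `<script>`, and a backslash in the value still alters a hand-quoted literal, which the second function avoids. The function names, the `key=value` parsing and the sample tag body are assumptions made for illustration.

```php
<?php
// Added example; function names and sample values are hypothetical.

// With these flags <, >, &, ' and " are emitted as \uXXXX escapes, so the
// value cannot close the string literal or the enclosing <script> element.
const JS_SAFE = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

// Approach described in the post: strip_tags, then ' -> &#39;, then wrap
// the result in single quotes by hand.
function quoteWithEntities(string $value): string {
    return "'" . str_replace("'", '&#39;', strip_tags($value)) . "'";
}

// Alternative: json_encode returns the whole quoted literal, escaping
// backslashes, quotes, control characters and line breaks.
function quoteAsJsLiteral(string $value): string {
    $json = json_encode($value, JS_SAFE);
    // json_encode returns false on invalid UTF-8; emit an empty string then.
    return $json === false ? '""' : $json;
}

// Parse "key=value" lines from the tag body, keeping only the expected keys.
function parseTagInput(string $input): array {
    $params = ['title' => '', 'subject' => '', 'query' => ''];
    foreach (preg_split('/\R/', trim($input)) as $line) {
        $parts = explode('=', $line, 2);
        if (count($parts) === 2 && array_key_exists(trim($parts[0]), $params)) {
            $params[trim($parts[0])] = trim($parts[1]);
        }
    }
    return $params;
}

// Constructed sample tag body: an apostrophe, a hashtag with & and @,
// and a value that ends in a backslash.
$input = "title=Jim's feed\nsubject=#mediawiki & @wikimedia\nquery=C:\\temp\\";

foreach (parseTagInput($input) as $key => $value) {
    printf("%-8s entities: %s\n", $key, quoteWithEntities($value));
    printf("%-8s json:     %s\n", $key, quoteAsJsLiteral($value));
}
```

In the script template the encoded value is dropped in without surrounding quotes, since `json_encode` already supplies them; hashtags and @ signs pass through unchanged.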
